/**
 * 应用安全配置模块
 * 提供常见安全防护功能
 */

// CSP配置
export const cspConfig = {
  defaultSrc: ["'self'"],
  scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
  styleSrc: ["'self'", "'unsafe-inline'"],
  imgSrc: ["'self'", "data:", "https://*.example.com"],
  connectSrc: ["'self'", "https://api.example.com"],
  fontSrc: ["'self'", "https://fonts.gstatic.com"],
  objectSrc: ["'none'"],
  frameSrc: ["'none'"]
};

// XSS防护配置
export const xssProtection = {
  enabled: true,
  mode: 'block'
};

// CSRF防护配置
export const csrfConfig = {
  cookieName: 'XSRF-TOKEN',
  headerName: 'X-XSRF-TOKEN'
};

// 安全头配置
export const securityHeaders = {
  'X-Frame-Options': 'DENY',
  'X-Content-Type-Options': 'nosniff',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'Feature-Policy': "geolocation 'none'; microphone 'none'; camera 'none'"
};

// 密码强度验证
export const validatePassword = (password) => {
  const minLength = 8;
  const hasUpperCase = /[A-Z]/.test(password);
  const hasLowerCase = /[a-z]/.test(password);
  const hasNumbers = /\d/.test(password);
  const hasSpecialChars = /[!@#$%^&*(),.?":{}|<>]/.test(password);
  
  return password.length >= minLength && 
         hasUpperCase && 
         hasLowerCase && 
         hasNumbers && 
         hasSpecialChars;
};

// 输入净化
export const sanitizeInput = (input) => {
  return input
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
};

// 安全日志记录
export const logSecurityEvent = (event, details) => {
  console.log(`[Security Event] ${event}`, {
    timestamp: new Date().toISOString(),
    userAgent: navigator.userAgent,
    ...details
  });
};